Opened 13 years ago

Closed 9 years ago

Last modified 7 years ago

#296 closed enhancement (not a bug)

clients potentially overwhelm circuits with new streams

Reported by: goodell Owned by: arma
Priority: Very Low Milestone: post 0.2.1.x
Component: Core Tor/Tor Version:
Severity: Keywords:
Cc: goodell, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by nickm)

Well-behaved Tor clients SHOULD not attach a stream to a circuit
if the circuit has more than N not-yet-connected streams on it.
In particular, some exit nodes cannot handle so many new TCP
connections to open, even if middleman nodes just see all of the
traffic as cells to pass along.

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (4)

comment:1 Changed 13 years ago by phobos

Do we have any suggestions as to how many is too many? On Windows, OSX, and Linux I'm able to see 40 streams in "sentconnect" status working fine.

comment:2 Changed 13 years ago by nickm

Alternatively, exit nodes that can't handle so many simultaneous connect() requests could delay
connection attempts until the existing connect() attempts had succeeded or failed. This would have
the advantages of:

  • Keeping the specification simple (no need to tell clients not to send "too many" requests)
  • Allowing powerful exit nodes running a decent OS to behave sanely and provide their actual capabilities.
  • Putting control of the rate limiting in the hands of the exit node, who is after all the only party here who knows how many simultaneous connect() requests it has pending.

But before we can do this, we kinda need an answer to Phobos's question: which OSs are these that
can't handle so many simultaneous connect() requests?

comment:3 Changed 9 years ago by nickm

Description: modified (diff)
Resolution: Nonenot a bug
Status: assignedclosed

I'm going to close this. Any solution here needs to be at the exit-node level, since 1) relying on clients to be well-behaved is a DoS opportunity, and 2) even if clients are all very nice, the exit node will still run into any limits it has.

That's the solution. Is there a problem? We've had 4 years to find out, and there doesn't seem to be a problem except with versions of windows that have an idiotic limit on the number of half-open connections. (I'm sure that this really is an antivirus feature like they claim, and that nothing was further from their minds than forcing people to upgrade to Server.) The limits are generally so low that trying to work within them is fairly pointless, and a much better answer is to use one of various tools to hack your windows libraries and remove the limit.

comment:4 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.